Information Technology Services: University of Hawaii

UH Metadirectory Project Status

Milestones

| Date | Status | Description |
| --- | --- | --- |
| 2002-02-03 | Will use University Relations model for UH org. structure; OHR's EAC codes will complement it. Russ will consolidate info from both models upon receiving PeopleSoft data from Julio. 2002-12-11: Julio is waiting for refinements to Lance's SQR scripts before delivering data to Russ. This is really an ongoing process that will end when the WPMS is finished. Deadline moved to 2002-02-03. See 135. | Transfer organizational structure from PeopleSoft and make sure Unison2, White Pages and LDAP are compatible (they present the same info) |
| 2002-12-20 | Lance's SQR scripts almost done; Julio looking into calling them directly from Unison. 2002-12-11: Julio finished scripts to process data from Lance's SQR scripts. Next step is to write code to update Unison1 and/or Unison2. Need to set up a secure server on poipu that allows Unison2 to retrieve PeopleSoft changes incrementally. Deadline moved to 2002-12-20. See 108, 125, 109. | Fully automated daily updates from PeopleSoft |
| 2002-12-30 | Julio needs to implement about 18 commands from the Unison1 API and is about 70% set on the Unison2 database schema; Julio/Russ/Chad need to implement commands that synch LDAP servers. 2002-12-11: Nothing has been done since November 2002. Deadline moved to 2002-12-30. See 111, 112, 117, 120. | Unison2 server in Unison1 compatibility mode - start beta test |
| 2002-12-26 | Need to assign someone to modify trigger to send back ITS Username as well. Julio will look into it and consult with SCT. Julio needs to stress test the trigger. 2002-12-11: Julio asked Deb to get SCT consultant to review past work on trigger. Moved deadline to 2002-12-26. See 121. | Banner-Unison2 trigger for assigning a uhUuid to new Banner entries - start beta test |
| 2002-12-15 | Julio is looking at Charles' SQL scripts for Banner->Unison synchronization. Will rely on above described trigger to take care of Unison->Banner synchronization. Will need to write a job that catches Banner entries without uhUuids that were missed by the above trigger. 2002-12-11: SQL code provided by Charles. Need to incorporate it into metadirectory. See 141, 109. | Fully automated daily(?) updates from Banner |
| 2003-01-21 | 2002-12-11: Moved deadline to 2003-01-21. See 111, 112, 117, 120. | Unison2 server in Unison1 compatibility mode - deploy (needed for automating data updates) (needed before we interface with Banner because it's more stable and it's faster) |
| 2003-01-21 | 2002-12-11: Moved deadline to 2003-01-21. See 121. | Banner-Unison2 trigger for assigning a uhUuid to new Banner entries - deploy |
| 2003-01-21 | 2002-12-11: Moved deadline to 2003-01-21. See 108, 137, 143. | Instant synchronization of everything with central LDAP service (LDAP only has currently affiliated entries; uhExpiration attribute is moot and removed) |
| 2003-01-21 | 2002-12-11: Moved deadline to 2003-01-21. See 143. | Instant ITS username/password synchronization with email LDAP server |
| 2003-02-03 | See 104, 133, 143. 2002-12-11: Julio already defined requirements to Zachary. Both are currently finalizing the design. | Instant ITS username/password synchronization with NIS |
| 2003-02-28 | See 143, 144 | All things in place to minimize duplicate entries due to typos or entries added carelessly without checking for name matches in existing entries. Start duplicate cleanup here. |
| ??? | See 142 | Instant ITS username/password synchronization with Web For |
| ??? | See 142 | Instant ITS username/password synchronization with Luminis |

Tasks & Issues

Note: Red denotes new entries

| Item ID | Status | Item Description |
| --- | --- | --- |
| 100 | Done | Define UH Metadirectory team charter |
| 101 | | Populate metadirectory-l with sysunix staff, ITS Username team members, campus/unison1 reps, itsmgmt?, banner, peoplesoft |
| 102 | | Identify and contact relevant parties: MIS, OHR, UH ID Office(s), UR |
| 103 | Only metadirectory-data list has been fully deployed | Introduce metadirectory@hawaii.edu and metadirectory-data@hawaii.edu. Automate subscriptions to these mailing lists? |

Quick Wins

| Item ID | Status | Item Description |
| --- | --- | --- |
| 104 | 2002-10-31: ID Management subsystem assigned to one of our students (Zack). 2002-11-18: Requirements defined; next deliverable is technical specs; NIS test environment has been set up on lapras.its.hawaii.edu. 2002-12-11: API 70% done. Working on full end-to-end implementation of the add_user function as a prototype for the rest of the API. | Write system to update NIS directly instead of using PRIS. This will allow for reduction of complexity in the current system, and instant username creation and instant password resets. |
| 105 | | Retire ph/qi, use LDAP, but retain current functionality (keep students who want to opt in) until there is an application that fully implements FERPA |
| 106 | | Merge metadirectory database schema with white page's database schema |
| 138 | 2002-10-30: Waiting for response from PAE staff | Move PAE away from telnetting to special system and have them use LDAP instead. |
| 145 | 2002-11-18: Assigned to Thang | Retire unnecessary replication of data via PRIS to make way for #104 |

Interim Ongoing Processes

| Item ID | Status | Item Description |
| --- | --- | --- |
| 107 | 2002-11-17: Improved programs to detect duplicates and match entries even though SSN, birth dates and names are misspelled. | Unison1 data needs a clean-up after Banner data imported |
| 108 | 2002-10-31: Waiting for PeopleSoft data | Delete all affiliations associated with SIS and PeopleSoft and redo them from scratch after a strict data delivery schedule has been defined. This should increase the accuracy of data. |
| 109 | | Data still manually transferred to us from the various Unison "dataorigins". Data delivery schedule is still a "manual" process |
| 110 | | Revoke old unison1 idmgt.users entries (bounced mail, non-existing usernames, no longer help deskers) |

Future

| Item ID | Status | Item Description |
| --- | --- | --- |
| 111 | Done in development; deployment waiting for Unison2 to be complete. | Upgrade Unison1 server from blocking single-thread process to multi-threaded process |
| 112 | Revamped data store and affected functionality | Convert Unison1 data store to an Oracle database |
| 113 | | Need to obsolete & incorporate the initial Unison2 DB Schema submitted to the fileshare |
| 114 | | Handle key attribute changes (uhSSN, uhUuid) including swapping, merging, deleting. Define XML for tracking important changes (uhUuid changed, SSN changed, name changed, uhUuids merged) |
| 115 | | Define Unison2 API |
| 116 | Information Model done | Define Unison2 XML schema |
| 117 | Need team to validate this. 2002-10-29: Fine for now; let's discuss applicability when we discuss #136 | Standardize on https and XML. Require POST? (See also EDT) |
| 118 | | Manage LDAP's special DNs |
| 119 | Done except for Username life cycle and data delivery & synchronization | Incorporate UH Directory Services Synchronization Specs into UH Metadirectory specifications. Explain what has been deleted/kept if anything |
| 120 | 2002-10-29: Yes, we'll take the path of least resistance and support Unison1 API to minimize impact on applications that currently use that API (sunsys CGIs) | Support Unison1 API? If needed, write a numclient replacement that proxies between Unison2 server and Unison1 programs. I'd rather not include legacy Unison1 code into Unison2. List all programs that use numclient to see what level of Unison1 compatibility is needed |
| 136 | 2002-10-29: We might be able to do away with a database for the metadirectory although it's not clear how we'll access the miscellaneous sources of data such as EWC and others whom we might not be able to query "live". We cannot do away with the data store on LDAP because then we won't be able to take advantage of all that LDAP has to offer. | Do not replicate data onto a metadirectory database but use middleware to do a "live" query on sources of data (i.e. pass queries through to PeopleSoft and Banner) |
| 137 | 2002-10-31: This is necessary if LDAP is to keep only those entries that are currently affiliated. Expired entries should not appear on LDAP. Future expirations are too unpredictable to support and can lead to incorrect assumptions. | Remove uhExpiration attribute from LDAP once affiliation information can be kept up to date |

Student Information Systems

| Item ID | Status | Item Description |
| --- | --- | --- |
| 121 | 2002-11-09: Need to add ITS Username as a return value for the trigger; need to stress test this trigger. 2002-12-11: Julio asked Deb to get SCT consultant to review past work on trigger. Moved deadline to 2002-12-26 | Banner trigger for uhUuid needs to be tested |
| 122 | | Banner WebFor uses uppercase ITS Usernames and a separate password |
| 123 | 2002-11-18: This is probably acceptable and not an issue | Banner Web for Faculty uses its own Q&A to reset its own password |
| 124 | | Banner uhUuid trigger by SSN or DOB may not account for all cases where a uhUuid needs to be generated |
| 141 | 2002-11-08: Julio is looking at Charles' SQL scripts for Banner->Unison synchronization. Will rely on above described trigger to take care of Unison->Banner synchronization. Will need to write a job that catches Banner entries without uhUuids that were missed by the above trigger. | Automate daily updates |

Human Resources

| Item ID | Status | Item Description |
| --- | --- | --- |
| 125 | Extract programs done. Some PeopleSoft data needs to be cleaned. Need to automate synchronization into Unison1. 2002-11-15: PeopleSoft data has been cleaned up. Lance is almost finished with updated extract programs that include the EAC codes. Julio is looking into running Lance's SQR scripts directly from Unison to avoid transferring files. 2002-12-11: Julio finished scripts to process data from Lance's SQR scripts. Next step is to write code to update Unison1 and/or Unison2. Need to set up a secure server on poipu that allows Unison2 to retrieve PeopleSoft changes incrementally. Deadline moved to 2002-12-20 | Automate daily updates |
| 126 | Done | Fine-grained PeopleSoft affiliations (e.g. RA, TA) |
| 127 | | Add SCOPIS to scheduled data delivery |
| 135 | 2002-10-30: Russ is working with Lance on this. 2002-11-06: Decision made to standardize on PeopleSoft's EAC columns to describe the UH organizational structure: add an Orgs branch to LDAP, populate it with EAC numeric values but expand the "HRIS Narrative" into non-abbreviated name for the organization. 2002-11-18: Russ found out that "EAC codes and OHR's list of organizations are incomplete with respect to all that is under SOEST and perhaps other organizations as well. For example, MarBEC (Marine Bioproducts Engineering Center) is not listed under SOEST. This leaves no alternative except to retain University Relations' department group codes for organizations as the canonical view of the UH System as they have taken the pulse of the masses." | Add finer-grained organizational information from PeopleSoft to support requests like SOEST's, but make sure that Unison2, White Pages and LDAP are compatible (they present the same info) |

Related Projects

| Item ID | Status | Item Description |
| --- | --- | --- |
| 128 | See 135 | Support broadcast email based on affiliation |
| 129 | | Track alumni (ohana.hawaii.edu) |
| 130 | | Enterprise scheduling capability -- does the metadirectory need to do anything about this? |
| 131 | | Relationship with WebISO and other single sign on efforts? |
| 132 | Brought to the attention of the Banner team. 2002-10-28: Michael asked Russ to head this effort. 2002-10-31: To be addressed after Banner implementation unless Banner Team decides to address it sooner. | FERPA application needed. Unison1's "public" setting (uhRestrict=uhUnlisted) is not quite the same as FERPA. Student needs to opt-out each semester. Need to coordinate with each admissions office |
| 133 | 2002-10-31: ITS Systems Engineering staff are favoring Sun's method after attending LDAP training class. No timeline yet, but most likely 6 months to a year. | Need to replace NIS with LDAP. Debating whether to use Sun's or Piet Ruyssinck's method. |
| 134 | | Update sunsys.its.hawaii.edu CGI scripts to use Unison2 |
| 139 | 2002-11-18: Russ is converting the LdapUserAuth DLL used by OHR and DLUS to use LDAPS. Notification of change has been sent to affected developers via metadirectory-data mailing list. Target deadline is 2002-12-05. 2002-12-11: Moved deadline for sites to stop using non-SSL LDAP to 2002-12-19. | Enforce use of LDAP over secure SSL (LDAPS) for all non-anonymous binds. Depends on 140 and on Web apps being converted. Various programming languages are used by Web apps. |
| 140 | 2002-11-18: Russ is working on this. 2002-12-11: Still stalled. Thang looking in SunSolve. | Use SSL for LDAP replication between master and slave servers. |
| 142 | | Many synchronization issues are dealt with by the Portal Implementation and Banner Integration teams |
| 143 | | Write code that updates LDAP servers from Unison2/WPMS tables. Russ/Chad and Julio need to synchronize this task or risk incompatibility and duplicated effort |
| 144 | | Put checks in place to reduce duplicate entries due to typos or unavailable SSN, birth date, name |
| 146 | 2002-12-11: Russ and Julio talked with John Morton and SCT's Michael Kennedy. All we need is a way to interface with Oracle and add/modify/delete Oracle accounts. | Single Sign On for SCT Datamart (and Banner in general) |


Information Technology Services
Maintained by: Julio Polo
©2002 University of Hawaii
Updated: 2002-12-11 14:32:00



